Executive Summary

Summary
Title AirSpan Base Station Distribution Unit remote access vulnerability
Informations
Name VU#446403 First vendor Publication 2008-03-21
Vendor VU-CERT Last vendor Modification 2008-04-01
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#446403

AirSpan Base Station Distribution Unit remote access vulnerability

Overview

AirSpan Base Station Distribution Units may contain an undocumented telnet server that authenticates via a known password and is enabled by default.

I. Description

From the AirSpan MicroMax product page:

    The base station is highly modular in design and is composed of two main components: the all outdoor Base Station Radios (BSR) and the indoor Base Station Distribution Unit (BSDU). Each base station could contain up to 12 BSRs, depending on the amount of available spectrum. Each BSR is connected to the BSDU via a 100BaseT interface operating over a Cat5 cable which carries both data and power.


Per the AirSpan WiMAX MicroMAX vulnerability report site:
    AirSpan BSDU has a serious security hole, which allows anyone to get remote access to device with root privileges using undocumented telnet access that is on by default. This is possible because all BSDUs share the same root password

II. Impact

A remote, unauthenticated attacker may be able to log in to an affected device as the root user.

III. Solution

Change the default password


Change the default password on affected devices. See AirSpan Product Bulletin PB/ASM/2008/015 Rev A for more information.
Restrict access

Restrict access to the web telnet interface to trusted networks. If possible, configure management and transit networks for separate VLANs, or restrict access to the device using IP access lists.

Systems Affected

VendorStatusDate Updated
AirspanVulnerable21-Mar-2008

References


http://www.sharemethods.net/nepal/servlet/open?keeppath=false&aid=30263
http://www.airspan.com/products_sub_micromax.htm
http://airspan4wimax.googlepages.com/
http://grouper.ieee.org/groups/802/16/
http://en.wikipedia.org/wiki/WiMAX

Credit

Information in this report was provided by the AirSpan WiMAX MicroMAX website.

This document was written by Ryan Giobbi.

Other Information

Date Public03/18/2008
Date First Published03/21/2008 11:32:56 AM
Date Last Updated04/01/2008
CERT Advisory 
CVE Name 
US-CERT Technical Alerts 
Metric0.75
Document Revision13

Original Source

Url : http://www.kb.cert.org/vuls/id/446403

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-255 Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 1

Open Source Vulnerability Database (OSVDB)

Id Description
44058 Airspan Base Station Distribution Unit (BSDU) Telnet Server Default Root Pass...